October 18, 2019

October 18, 2019

Subscribe to Latest Legal News and Analysis

October 17, 2019

Subscribe to Latest Legal News and Analysis

October 16, 2019

Subscribe to Latest Legal News and Analysis

October 15, 2019

Subscribe to Latest Legal News and Analysis

Surveillance Software Targets WhatsApp Users

Unfortunately for all of us, Privacy Awareness Week doesn’t mean a chance to take a break from seemingly endless data breach notifications and social media vulnerabilities.

This week it’s WhatsApp’s turn, with reports that hackers, or as WhatsApp described as “an advanced cyber-actor”, have been able to remotely install surveillance software on phones and other devices of select targets, likely to be lawyers, journalists, activists and human rights defenders. The hackers were able to compromise the devices by using WhatsApp’s call function to ring the devices. The surveillance software was still installed even if the call was not picked up and the call reportedly would disappear from the compromised device’s call log. This means the malware could be installed without any action from the compromised user – and potentially without them even being able to determine that they had been compromised.

The surveillance software effectively rendered the app’s prized end-to-end encryption redundant as it allowed the attacker to read messages on the compromised devices.

WhatsApp released a fix last Friday and has encouraged all its users to update their apps, but some questions still remain.

In particular, while the app update fixes the issue that allowed the attack in the first place, it is not clear if the update can also remove the surveillance software embedded in already compromised devices.

WhatsApp has described the hackers as “a private company that has been known to work with governments to deliver spyware”, which news outlets have reported is Israel’s NSO Group. Regardless of the parties involved, the ability to defy WhatsApp’s encryption is a scary reminder of the potential impact of a “technical capability” that could be required under the recently enacted Australian encryption laws (except that it has not been kept secret!). 

Copyright 2019 K & L Gates

TRENDING LEGAL ANALYSIS


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm
Partner

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

+61.3.9640.4261
Rob Pulham, KL Gates, Corporate technology requirements lawyer, contracts drafting attorney
Senior Associate

Mr. Pulham is a corporate and commercial lawyer. His practice includes advising clients in managing their technology requirements and contracts (including drafting, review and negotiation of contracts for the provision of technology products and services), providing advice regarding privacy, data protection and copyright law, marketing and advertising, website content and general commercial intellectual property advice.

Mr. Pulham's experience includes having worked for leading technology suppliers, large Australian financial institutions, and food and beverage manufacturers, as well as Australian and Victorian government agencies.

61-3-9640-4414
Senior Attorney

Ms. Aggromito is a senior lawyer in the lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.

+61.3.9205.2027